Arikah Map

Internet Information Services

(Redirected from Internet Information Server)

Internet Information Services

<tr><td colspan="2" style="text-align: center;">Internet Information Services:Internet Information Services 7 Console
Screenshot of IIS 7's redesigned management console</td></tr><tr><th>Developer:</th><td>Microsoft</td></tr><tr><th>Latest release:</th><td>7.0 / </td></tr><tr><th>OS:</th><td>Microsoft Windows</td></tr>

Use:server

<tr><th>License:</th><td>Proprietary</td></tr>

Website: Microsoft Internet Information Services homepage

Microsoft Internet Information Services (IIS; sometimes, erroneously called Server or System) is a set of Internet-based services for servers using Microsoft Windows. It is the world's second most popular web server in terms of overall websites behind the Apache HTTP Server although the gap is decreasing according to Netcraft.

The servers currently include FTP, SMTP, NNTP and HTTP/HTTPS.


Contents

Versions

History

IIS was initially released as an additional set of Internet based services for Windows NT 3.51. IIS 2.0 followed adding support for the Windows NT 4.0 operating system and IIS 3.0 introduced the Active Server Pages dynamic scripting environment.

IIS 4.0 dropped support for the Gopher protocol and was bundled with Windows NT as a separate "Option Pack" CD-ROM.

The current shipping version of IIS is 6.0 for Windows Server 2003 and IIS 5.1 for Windows XP Professional. IIS 5.1 for Windows XP is a restricted version of IIS that supports only 10 simultaneous connections and a single web site.

Windows Vista will come preinstalled with IIS 7.0. It will not limit the number of connections allowed but will limit workloads based on the active concurrent requests, improving usability and performance in peer-to-peer scenarios.

Security

Earlier versions of IIS were hit with a spate of vulnerabilities, chief among them CA-2001-19 which led to the infamous "Code Red worm"; however, version 6.0 has only three reported issues that affect it, two "moderately critical", the third "not critical". In IIS 6.0, Microsoft has opted to change the behavior of pre-installed ISAPI handlers, many of which were culprits in the vulnerabilities on 4.0 and 5.0, thus reducing the attack surface of IIS. With its next release, IIS 7.0, Microsoft goes a step further by modularizing many of the components, creating a stack from which you can pick and choose.

In versions of IIS before 6.0, all the features were run on the System account, allowing exploits to run wild on the system. Under 6.0 all request handling processes have been brought under a Network Services account which has significantly fewer privileges. In particular this means that if there is an exploit in a feature or custom code, it wouldn't necessarily compromise the entire system given the sandboxed environment the worker processes run in. IIS 6.0 also contained a new kernel HTTP stack (http.sys) with a stricter HTTP request parser and response cache for both static and dynamic content.

Authentication mechanisms

IIS 5.0 and higher support the following authentication mechanisms:

Internet Information Services 7.0

Debuting with Windows Vista, and also to be included in Windows Server "Longhorn", IIS 7.0 features a modular architecture. Instead of a monolithic server which features all services, IIS 7 has a core web server engine. Modules offering specific functionality can be added to the engine to enable its features. The advantage of having this architecture is that only the features required can be enabled and that the functionalities can be extended by using custom modules.

The following sets of modules are slated to ship with the server:

  1. HTTP Modules
  2. Security Modules
  3. Content Modules
  4. Compression Modules
  5. Caching Modules
  6. Logging and Diagnostics Modules

Writing extensions to IIS 7 using ISAPI has been deprecated in favor of the module API. Much of IIS's own functionality is built on this API, and as such, developers will have much more control over a request process than was possible in prior versions. Modules can also be written using any .NET Framework language, and can be deployed on a per-site basis.

A significant change from previous versions of IIS is that all web server configuration information is stored solely in XML configuration files, instead of in the metabase. The server has a global configuration file that provides defaults, and each virtual web's document root (and any subdirectory thereof) may contain a web.config containing setting that augments or overrides the defaults. Changes to these files take effect immediately. This marks a significant departure from previous versions whereby web interfaces, or machine administrator access, were required to change simple settings such as default document, active modules and security/authentication. It also eliminates the need to perform metabase synchronization between multiple servers in a farm of web servers.

IIS 7 also features a completely rewritten administration interface that takes advantage of modern MMC features such as task panes and asynchronous operation. Configuration of ASP.NET is more fully integrated into the administrative interface.

Other changes:

See also

Free alternatives

References

Categories


FTP server software | Mail transport agents | Microsoft server technology | Web server software

Find

Find

Find